You can map a specific group of users to a specific data source by using group mappings and an external data connection file in Secure Store. This provides more fine-grained security than using the unattended service account. Creating a group mapping with an external data connection file consists of the following steps:

Once the account has been created, follow these steps to create a logon for the data access account in SQL Server. (If you are using a data source other than SQL Server, see the instructions for your data source to create a logon with data-read permissions for the data access account.)

To create a SQL Server logon for the data access account

In SQL Server Management Studio, connect to the database engine.

In Object Explorer, expand Security.

Right-click Logins, and then click New Login.

In the Login name box, type the name of the Active Directory account that you created for data access.

Under Select a page, click User Mapping.

Select the Map check box for the database that you want to provide access to, and then, in the Database role membership for: <database> section, select the db_datareader check box.

Click OK.
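The same logon and role mapping can be scripted and then checked for least privilege. This is an added example, not part of the original procedure; it assumes the Invoke-Sqlcmd cmdlet from the SQL Server PowerShell module is available, and the server, database and account names are placeholders.

```powershell
# Placeholder names (assumptions, not from the original page).
$sqlInstance = 'SQL01.example.local'
$database    = 'SalesData'
$dataAccount = 'EXAMPLE\svc-visiodata'   # Active Directory data access account

# Create the Windows logon, map it to the database, and grant read-only access.
$grant = @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$dataAccount')
    CREATE LOGIN [$dataAccount] FROM WINDOWS;
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$dataAccount')
    CREATE USER [$dataAccount] FOR LOGIN [$dataAccount];
EXEC sp_addrolemember N'db_datareader', N'$dataAccount';
"@
Invoke-Sqlcmd -ServerInstance $sqlInstance -Database $database -Query $grant

# List every database role the account now holds.
$check = @"
SELECT r.name AS RoleName
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'$dataAccount';
"@
$roles = @(Invoke-Sqlcmd -ServerInstance $sqlInstance -Database $database -Query $check |
           ForEach-Object { $_.RoleName })

# The account should be a member of db_datareader and nothing else.
$extra = @($roles | Where-Object { $_ -ne 'db_datareader' })
if ($roles -notcontains 'db_datareader') {
    Write-Warning "$dataAccount is not in db_datareader in $database."
} elseif ($extra.Count -gt 0) {
    Write-Warning "$dataAccount holds extra roles in ${database}: $($extra -join ', ')"
} else {
    Write-Output "$dataAccount is limited to db_datareader in $database."
}
```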

Once you have created a logon for the data access account and granted the account access to your data source, you must create a target application in Secure Store to contain the credentials for the data access account. This target application will be used to map the data access account to the users to whom you want to grant data access.

When you create the target application, you will be able to specify individual users to whom you want to grant data access, or you can specify an Active Directory group. For ease of administration, we recommend that you use an Active Directory group. This allows you to update the user list in the future without having to update the target application.

Use the following procedure to create the target application.

To create a target application

On the SharePoint Central Administration website home page, in the Application Management section, click Manage service applications.

Click the Secure Store Service service application.

On the ribbon, click New.

In the Target Application ID box, type an ID for the target application (for example, VisioServicesDataAccess).

In the Display Name box, type a name for the target application.

In the Contact E-mail box, type an email address.

In the Target Application Type drop-down list, select Group.

Click Next.

Leave the default credential fields, and then click Next.

On the "Specify the membership settings" page:

In the Target Application Administrators box, type the account of the user who will administer this account.

Note: You can type multiple names or the name of an Active Directory group that contains the users whom you want to administer this target application.

In the Members box, type the names of the users to whom you want to give data access or the name of the Active Directory group that contains those users.

Click OK.

Once the target application has been created, you must set the target application to use the credentials for the data access account that you created. Use the following procedure to set the credentials.

To set the credentials for the target application

On the Secure Store Service Application page, in the Target Application ID column, point to the target application that you just created, click the arrow that appears, and then click Set Credentials.

In the Windows User Name box, type the Active Directory account that you created for data access.

Type and confirm the password for the account.

Click OK.
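The two procedures above (creating the Group target application and setting its credentials) can also be scripted with the SharePoint Secure Store cmdlets. This is an added example, not part of the original procedure; the site URL, account names, group name and e-mail address are placeholders, and it assumes the SharePoint 2013 Management Shell run by an account that can administer the Secure Store service application.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholder values (assumptions, not from the original page).
$siteUrl     = 'http://sharepoint.example.local'  # a site served by the Secure Store service application
$appId       = 'VisioServicesDataAccess'          # Target Application ID used in the procedure
$adminAcct   = 'EXAMPLE\ssadmin'                  # target application administrator
$memberGroup = 'EXAMPLE\VisioDataReaders'         # Active Directory group granted data access
$dataAccount = 'EXAMPLE\svc-visiodata'            # data access account with db_datareader

# The default credential fields of a Group target application.
$userField = New-SPSecureStoreApplicationField -Name 'Windows User Name' `
    -Type WindowsUserName -Masked:$false
$passField = New-SPSecureStoreApplicationField -Name 'Windows Password' `
    -Type WindowsPassword -Masked:$true

# Target application of type Group, as selected in the Target Application Type list.
$target = New-SPSecureStoreTargetApplication -Name $appId `
    -FriendlyName 'Visio Services data access' `
    -ContactEmail 'spadmin@example.local' -ApplicationType Group

# Administrators and Members from the "Specify the membership settings" page.
$adminClaim  = New-SPClaimsPrincipal -Identity $adminAcct `
    -IdentityType WindowsSamAccountName
$memberClaim = New-SPClaimsPrincipal -Identity $memberGroup `
    -IdentityType WindowsSecurityGroupName

$app = New-SPSecureStoreApplication -ServiceContext $siteUrl `
    -TargetApplication $target -Fields $userField, $passField `
    -Administrator $adminClaim -CredentialsOwnerGroup $memberClaim

# Prompt for the password so that it never appears in the script or shell history.
$cred = Get-Credential -UserName $dataAccount -Message 'Data access account for Secure Store'
$userValue = ConvertTo-SecureString $cred.UserName -AsPlainText -Force

# Equivalent of Set Credentials: one value per field, in field order.
Update-SPSecureStoreGroupCredentialMapping -Identity $app `
    -Values $userValue, $cred.Password
```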

The next step is to create an ODC file that references the Secure Store target application that you just created. You can create the ODC file in Visio as part of your diagram creation process.

Use the following procedure to create an ODC file and publish it to a data connection library.

Note: This procedure uses Visio Professional 2013. If you are using Visio 2010, then you must create the ODC file in Excel.

Use the following procedure to create a data-connected diagram by using an ODC file.

To create an ODC file and link data to shapes in Visio

In Visio Professional 2013, open a diagram or create a new diagram.

On the ribbon, click the Data tab, and then click Link Data to Shapes.

On the Data Selector page, choose the Microsoft SQL Server database option, and then click Next.

On the Connect to Database Server page, type the name of your database server, and then click Next.

On the Select Database and Table page, select the database to which you want to connect, and then click Next.

On the Save Data Connection File and Finish page:

Click Authentication Settings.

On the Visio Services Authentication Settings dialog box, choose the Use a stored account option, type the application ID of the Secure Store target application that you created in the Application ID text box, and click OK.

Click Browse.

Browse to a data connection library.

Note: Visio Services does not require that ODC files be saved to a data connection library. However, for easiest administration, we recommend using data connection libraries to store all your data connection files.

Type a name for the ODC file, and then click Save.

Click Finish.

If the Web File Properties dialog box appears, click OK.

On the Select Data Connection page, click Finish.

Connect the data to the shapes in your diagram.

When you are ready to save the drawing, click File, click Save, and then browse to a SharePoint document library.

Type a file name, and then click Save.

Once the diagram has been published, it is available to view by using Visio Services. When the data in the diagram is refreshed, it uses the ODC file that you specified and the Secure Store target application specified within.
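Because the refresh identity is decided by what the ODC file says, it is worth checking the saved file. The following added example (not part of the original procedure) reads the odc:CredentialsMethod, odc:SSOApplicationID and odc:ConnectionString elements of the Office data connection format and reports any mismatch; the function name and the sample file content are constructed for illustration.

```powershell
function Test-OdcAuthentication {
    param([string] $OdcText, [string] $ExpectedAppId)

    # The connection definition is an XML island inside the file's HTML wrapper.
    $m = [regex]::Match($OdcText,
        '(?s)<odc:OfficeDataConnection.*?</odc:OfficeDataConnection>')
    if (-not $m.Success) { return @('No odc:OfficeDataConnection element found') }

    $xml = [xml]$m.Value
    $ns  = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
    $ns.AddNamespace('odc', 'urn:schemas-microsoft-com:office:odc')
    # Helper: text of a child element of odc:Connection, or '' when absent.
    $get = { param($name)
             $n = $xml.SelectSingleNode("//odc:Connection/odc:$name", $ns)
             if ($null -ne $n) { $n.InnerText.Trim() } else { '' } }

    $method  = & $get 'CredentialsMethod'
    $fileApp = & $get 'SSOApplicationID'
    $connStr = & $get 'ConnectionString'

    $findings = @()
    if ($method -ne 'Stored') {
        $findings += "CredentialsMethod is '$method', expected 'Stored'" }
    if ($fileApp -ne $ExpectedAppId) {
        $findings += "SSOApplicationID is '$fileApp', expected '$ExpectedAppId'" }
    # With a stored account, no password belongs in the connection string.
    if ($connStr -match '(?i)\b(password|pwd)\s*=') {
        $findings += 'Connection string embeds a password' }
    return $findings
}

# Constructed sample ODC content, trimmed to the parts the check reads.
$sample = @'
<html><head>
<meta http-equiv=Content-Type content="text/x-ms-odc; charset=utf-8">
<xml id=msodc><odc:OfficeDataConnection
  xmlns:odc="urn:schemas-microsoft-com:office:odc">
 <odc:Connection odc:Type="OLEDB">
  <odc:ConnectionString>Provider=SQLOLEDB.1;Integrated Security=SSPI;Initial Catalog=SalesData;Data Source=SQL01</odc:ConnectionString>
  <odc:SSOApplicationID>VisioServicesDataAccess</odc:SSOApplicationID>
  <odc:CredentialsMethod>Stored</odc:CredentialsMethod>
 </odc:Connection>
</odc:OfficeDataConnection></xml>
</head></html>
'@
$result = @(Test-OdcAuthentication -OdcText $sample -ExpectedAppId 'VisioServicesDataAccess')
if ($result.Count -eq 0) { 'ODC file uses the expected Secure Store target application' }
else { $result }
```

To check a real file, pass the output of `Get-Content -Raw` for a downloaded copy of the ODC file as `-OdcText`.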

Once the ODC file has been saved to the data connection library, you can connect directly to it when linking data to shapes in Visio. This allows you to share a single data connection file among multiple Visio diagrams.

Use the following procedure to connect to an existing ODC file.

To create a data-connected diagram by using an ODC file

In Visio Professional 2013, open a diagram or create a new diagram.

On the ribbon, click the Data tab, and then click Link Data to Shapes.

On the Data Selector page of the wizard, click Previously created connection, and then click Next.

On the Select Data Connection page, click Browse.

On the Existing Connections dialog box, click Browse for More.

In the Data Selector dialog box, in the URL box, type the URL of the data connection library where you saved the ODC file, and then press Enter.

Select the ODC file and then click Open.

On the Select Data Connection page, click Finish.

Connect the data to the shapes in your diagram.

When you are ready to save the drawing, click File, click Save, and then browse to a SharePoint document library.